This case can happen if the User, after logging in via Keycloak, doesn't yet exist in Control-API / OpenShift.
Additional Context
No response
Logs
Excerpt:
{
"error":{
"ok":false,
"url":"https://portal.appuio.cloud/appuio-api/apis/appuio.io/v1/users/<name>",
"name":"HttpErrorResponse",
"error":"[Object]",
"status":403,
"headers":"[Object]",
"message":"Http failure response for https://portal.appuio.cloud/appuio-api/apis/appuio.io/v1/users/<name>: 403 Forbidden",
"statusText":"Forbidden"
},
"message":"users.appuio.io \"<name>\" is forbidden: User \"appuio#<name>\" cannot get resource \"users\" in API group \"appuio.io\" at the cluster scope",
"requestData":null
}
Expected Behavior
The error is catched (graceful degradation)
The user name and avatar in the top right menu are largely unaffected, since the username is retrieved from the oauth login flow.
However, it certainly affects /user and the loading of the default organization.
Description
Ref: https://app.glitchtip.com/vshn-ag/issues/1869580
This case can happen if the User, after logging in via Keycloak, doesn't yet exist in Control-API / OpenShift.
Additional Context
No response
Logs
Excerpt:
Expected Behavior
The error is catched (graceful degradation)
The user name and avatar in the top right menu are largely unaffected, since the username is retrieved from the oauth login flow.
However, it certainly affects
/user
and the loading of the default organization.Steps To Reproduce
Visit https://portal.appuio.cloud with a user that doesn't (yet) exist in Control-API/OpenShift.